Discover Sub-Domains From SSL Certificates With GetAltName

GetAltName is a small script for discovering sub-domains. It extracts Subject Alt Names from SSL certificates directly from HTTPS websites, which can provide you with DNS names or virtual servers.

It is useful in the discovery phase of a pen-testing assessment, where it can provide you with more information about your target and scope.

Features of GetAltName to Discover Sub-Domains

  • Strips wildcards and www’s
  • Returns a unique list (no duplicates)
  • Works on verified and self-signed certs
  • Domain matching system
  • Filtering for main domains and TLDs
  • Gets additional sub-domains from crt.sh
  • Outputs to clipboard
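
The wildcard/www stripping, de-duplication and domain matching from the feature list can be sketched as follows; this is an added example, not GetAltName's own code. The function name `clean_san_names`, its `match_domain` parameter and the sample certificate are assumptions constructed for illustration, and the input uses the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
def clean_san_names(cert, match_domain=None):
    """Return a sorted, de-duplicated list of DNS names from a parsed certificate.

    cert         -- dict shaped like the result of ssl.SSLSocket.getpeercert()
    match_domain -- hypothetical filter: keep only this domain and names under it
    """
    names = set()
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":              # ignore IP Address, email and URI entries
            continue
        name = value.strip().lower().rstrip(".")
        if name.startswith("*."):      # strip the wildcard label
            name = name[2:]
        if name.startswith("www."):    # strip a leading www
            name = name[4:]
        if not name:
            continue
        if match_domain:
            base = match_domain.lower()
            # Match on a label boundary so "notexample.com" is not
            # treated as belonging to "example.com".
            if name != base and not name.endswith("." + base):
                continue
        names.add(name)                # the set removes duplicates
    return sorted(names)


# Constructed sample input, not taken from a real certificate.
SAMPLE_CERT = {
    "subjectAltName": (
        ("DNS", "example.com"),
        ("DNS", "www.example.com"),
        ("DNS", "*.example.com"),
        ("DNS", "mail.example.com"),
        ("DNS", "*.dev.example.com"),
        ("DNS", "WWW.Shop.Example.com"),
        ("DNS", "cdn.example.net"),
        ("DNS", "notexample.com"),
        ("IP Address", "192.0.2.10"),
    )
}

if __name__ == "__main__":
    for host in clean_san_names(SAMPLE_CERT, match_domain="example.com"):
        print(host)
```

Running the same cleanup over certificates you own shows which internal host names they publish. `getpeercert()` returns an empty dict when the certificate was not validated, so a self-signed certificate has to be fetched in DER form and parsed with a certificate library.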

GetAltName Subdomain Extraction Tool Usage

You can output to a text file and also copy the output to your clipboard as a list or a single-line string, which is useful if you’re trying to make a quick scan with Nmap or other tools.

 

GetAltName Requirements

  • colorama
  • ndg-httpsclient
  • pyperclip
  • requests
  • tldextract

You can download GetAltName here:

getaltname-1.0.0.zip

Or read more here.

 
